Hidden, Fast and Hard to Catch: The Visibility Problem in Modern Fraud

The hidden signals behind fraud that move faster than humans.

The First Indication Came At the Bank

Ivy, who asked that only her first name be used, was going about her day-to-day life happily doing the things she always did, not sparing a thought on the systems she relies on that make these daily activities easy and predictable. Then one day, something caught her off guard and stopped her cold. She did nothing wrong and it is unlikely she will ever know how it happened. All she knows, and will ever know, is that it happened.  

Ivy doesn’t describe herself as someone who takes financial risks or does anything unpredictably. Her spending is deliberate. Every week she goes to her bank and withdraws $100 to cover her expenses, a routine she has followed for years and one that keeps things simple and certain. 

One Wednesday in January, Ivy went to her bank, received the usual friendly greetings from the tellers she always sees and requested to withdraw her weekly $100. Instead, she was denied. 

"When I went in, they said, ‘Oh, you’re overdrawn,’ and I said, that’s impossible.”  

- Ivy

Ivy still has the exact document the tellers printed for her that day. It showed a $9,999 withdrawal initiated the day before by an unfamiliar payment processor on behalf of a person whose name she did not recognize.  The balance at the bottom showed her account was more than $1.5K below zero.  

From her perspective, there was no version of events where this transaction made sense. She had been with the bank for more than 40 years, she was the only person with access to the account and the pattern of her spending had not changed. 

There had been no call, no message, no indication that anything unusual was happening. The first time she saw the transaction was standing at the counter, looking at a printed record of something that had already gone through and was now keeping her from her own money. 

The number did not feel accidental 

To Ivy, the transaction immediately felt wrong. The amount was far larger than anything she would normally withdraw and nothing about it matched the way she had used her account for years.

Unbeknownst to Ivy, US banks are required to report cash transactions over $10,000 through a Currency Transaction Report filed with the Financial Crimes Enforcement Network as part of the Bank Secrecy Act. The reporting is based on the total amount moved in a single day.

She did not know the details of the regulation, but she recognized what the number suggested. “The reason why it wasn’t $10,000, the reason why it wasn’t flagged… it came in $1 short,” she said. “These people knew what they were doing.”  

While Ivy could not know exactly why that amount was chosen, her concern reflects a wider pattern where fraud is becoming faster, more calculated and harder for customers to spot before the damage is done.

Ivy’s experience feels personal, but it is not unique 

To understand how something like this gets through, let's step back from Ivy’s story and look at the larger pattern. 

The LexisNexis® Risk Solutions Cybercrime Report, based on more than 116 billion transactions analyzed in 2025, shows that fraud is increasing and moving faster, driven by automation and more complex attacks.  

Some of that growth is happening before money ever moves. The report found that login attacks rose 89% year over year, which means more fraudsters are trying to get into accounts instead of tricking victims into transferring money.

It also found that automated bot attacks rose 59% year over year. In plain terms, fraudsters are executing attacks using software that can test systems, mimic human behavior and move at a speed no person can match. 

None of that proves exactly how Ivy’s account was compromised. Her story does not answer that question and neither did the bank.

Fraud doesn't happen in one place and that makes it harder to catch.

Fraud like this is hard to stop for a simple reason. The signs may exist, but they do not arrive neatly in one place, moment or system.

One bank may see unusual login behavior. Another institution may see a device linked to prior fraud.

A login can look ordinary on its own.

So can a transfer request. So can a payment.

Trouble comes from the way those pieces sit apart from one another, each one carrying only part of the story unless someone can connect them in time.

The Cybercrime Report shows how often this disconnect happens.

One bank may flag suspicious activity, while the bank receiving the money does not yet see anything unusual.

In many cases, the signals remain too fragmented across institutions to recognize the risk before the funds move.

From Ivy’s side of the counter, none of that was visible. She saw one line on a printed statement and an account balance that no longer matched with her reality. Whatever signals may have existed before that moment were either elsewhere or too fragmented to change the outcome before the damage was done. 

Organizations Can Spot Risk Signals Sooner

“The bank said the only reason why I got my money back in a timely fashion is because I caught it so early. Dumb luck.” 

Ivy found the withdrawal in less than 24 hours and got her money back within 10 days, even though she had first been told it could take six weeks. But fraud prevention cannot depend on customers discovering fraud after the damage has already begun. Organizations need ways to recognize suspicious activity before customers are left dealing with the consequences.

Fraud often leaves patterns behind long before a customer realizes something is wrong, from repeated failed logins and unfamiliar devices to unusual transaction behavior and connections between accounts, phone numbers or payment destinations.

Earlier visibility does not guarantee that fraud disappears. Organizations do have a better chance of stopping suspicious activity before funds move when those signals can be connected across the customer journey and viewed alongside broader network and consortium intelligence. A login anomaly, a new device or an unusual payment may not appear suspicious on its own. Combined with signals observed across accounts, institutions and payment destinations, those same events can reveal patterns that warrant stepped-up authentication, transaction reviews or other intervention before a loss occurs. 

In one case, an organization using LexisNexis® ThreatMetrix® in account-to-account payments stopped 56% more fraudulent transactions and prevented $7.65 million in losses each year. In another, a bank using the same technology in online banking was able to identify most of the fraud happening in those transactions and prevent an additional $1.48 million in losses. A third UK-based bank used LexisNexis® Digital Identity Network® to connect activity across accounts, increasing scam detection by 71% and identifying more than £500,000 in fraud attempts in just 20 days. 

Those numbers do not promise a perfect system or a world where fraud disappears. They do show that earlier visibility improves an organization's ability to step up authentication, hold transactions for review and intervene before a loss occurs. It can mean the difference between stopping suspicious activity before money moves and identifying it only after the damage is done.

Ivy got her money back, but the experience changed the way she thought about fraud. Until she stood at the counter that morning, there had been no warning that anything was wrong.

Her story reflects what fraud can look like when suspicious signals remain disconnected across the customer journey. Earlier visibility gives institutions a better chance to recognize patterns across logins, devices and payments before the customer is left dealing with the aftermath.

The customer scenario described is based on real events but may include fictionalized or anonymized elements for privacy.  This material is provided for general informational purposes and should not be construed as legal, financial, or regulatory advice.  Organizations should consult their own advisors regarding specific circumstances.  Any statistics, case studies, or performance results described herein are provided for illustrative purposes only. Actual results may vary depending on a variety of factors, including implementation, use case, and operating environment. Past performance is not indicative of future results.  LexisNexis® Risk Solutions products are designed to support fraud detection and risk management efforts but do not guarantee the prevention or elimination of fraud or financial loss.  Findings referenced from the LexisNexis® Risk Solutions Cybercrime Report are based on aggregated and anonymized transaction data and internal analysis. Such data reflects trends and should not be interpreted as definitive or comprehensive of all fraud activity.  Any personal information referenced in this story has been anonymized or altered to protect individual privacy.

LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc., registered in the U.S. or other countries.  ThreatMetrix and Digital Identity Network are registered trademarks of ThreatMetrix, Inc., registered in the U.S. or other countries. Other products or services may be trademarks or registered trademarks of their respective companies.  Copyright © 2026 LexisNexis Risk Solutions.